<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div>As mentioned before, I tried to play with local-network-acl but no joy. Maybe it’s just not right? On which profile should I tune it?</div><div><br></div><div><div>&nbsp; &nbsp;&lt;list name="lan" default="deny"&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;node type="deny" cidr="172.17.2.3/32"/&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;node type="deny" cidr="172.17.2.4/32"/&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;node type="allow" cidr="192.168.0.0/16"/&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;node type="allow" cidr="10.0.0.0/8"/&gt;</div><div>&nbsp; &nbsp; &nbsp; &lt;node type="allow" cidr="172.16.0.0/12"/&gt;</div><div>&nbsp; &nbsp; &lt;/list&gt;</div></div><div><br></div><div>On both profiles I have it like this:</div><div>Int</div><div><div>&nbsp; &nbsp;&lt;param name="rtp-ip" value="$${inside_bind_ipv4}"/&gt;</div><div>&nbsp; &nbsp;&lt;param name="sip-ip" value="$${inside_bind_ipv4}"/&gt;</div><div>&nbsp; &nbsp;&lt;param name="ext-rtp-ip" value="$${inside_bind_ipv4}"/&gt;</div><div>&nbsp; &nbsp;&lt;param name="ext-sip-ip" value="$${inside_bind_ipv4}"/&gt;</div></div><div><br></div><div>Ext</div><div><div>&nbsp; &nbsp; &lt;param name="rtp-ip" value="$${outside_bind_ipv4}"/&gt;</div><div>&nbsp; &nbsp; &lt;param name="sip-ip" value="$${outside_bind_ipv4}"/&gt;</div><div>&nbsp; &nbsp; &lt;param name="ext-rtp-ip" value="$${outside_bind_ipv4}"/&gt;</div><div>&nbsp; &nbsp; &lt;param name="ext-sip-ip" value="$${outside_bind_ipv4}"/&gt;</div></div><br><div><div>On 8 Oct 2016, at 00:48, Brian West &lt;<a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">You have to fix your local-network-acl in each system probably to do the right thing. Do you have the ext-rtp-ip set with the autonat: prefix?</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 7, 2016 at 1:23 PM, Serge S. Yuriev <span dir="ltr">&lt;<a href="mailto:me@nevian.org" target="_blank">me@nevian.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; position: static; z-index: auto;">Hello,<br>
<br>
Two SIP profiles:<br>
External 83.хх<br>
Internal <a href="http://10.23.154.0/24" rel="noreferrer" target="_blank">10.23.154.0/24</a><br>
<br>
Via external we are receiving/sending calls from/to <a href="http://172.17.2.0/29" rel="noreferrer" target="_blank">172.17.2.0/29</a><br>
For some reason, if we call outside, FS sends unmodified addresses in SDP.<br>
So we have an unroutable address in SDP and one-way audio. If the call flows<br>
ext to int, everything works correctly.<br>
Tried local-network-acl on inside (10.хх) with excluded 172.хх,<br>
apply-nat-acl with included 172.xx on either int and ext. Nothing helps :(<br>
<br>
"Bad one" SDP - from internal to external<br>
send 960 bytes to udp/[10.23.154.63]:6060 at 18:16:22.226984:<br>
&nbsp; &nbsp; ------------------------------<wbr>------------------------------<wbr>------------<br>
&nbsp; &nbsp; SIP/2.0 200 OK<br>
&nbsp; &nbsp; Via: SIP/2.0/UDP 10.23.154.63:6060;branch=<wbr>z9hG4bKe433fa68b81<br>
&nbsp; &nbsp; From: "IT, Юрьев Сергей"<br>
&lt;<a href="mailto:sip%3A12550@10.23.154.63">sip:12550@10.23.154.63</a>&gt;;tag=<wbr>195594~27154efa-6325-45a2-<wbr>9e47-67e5d9302ebc-237816120<br>
&nbsp; &nbsp; To: &lt;<a href="mailto:sip%3A62987%25236546@10.23.154.100">sip:62987%236546@10.23.154.<wbr>100</a>&gt;;tag=66NUXXHvB6HBp<br>
&nbsp; &nbsp; Call-ID: <a href="mailto:86c80-7f71bc46-c44e-3f40000a@10.23.154.63">86c80-7f71bc46-c44e-3f40000a@<wbr>10.23.154.63</a><br>
&nbsp; &nbsp; CSeq: 101 INVITE<br>
&nbsp; &nbsp; Contact: &lt;<a href="http://sip:mod_sofia@10.23.154.100:6060/" rel="noreferrer" target="_blank">sip:mod_sofia@10.23.154.100:<wbr>6060</a>&gt;<br>
&nbsp; &nbsp; User-Agent:<br>
FreeSWITCH-mod_sofia/1.7.0+<wbr>git~20160707T165535Z~<wbr>be13536ac9~64bit<br>
&nbsp; &nbsp; Accept: application/sdp<br>
&nbsp; &nbsp; Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,<br>
PRACK, NOTIFY<br>
&nbsp; &nbsp; Require: timer<br>
&nbsp; &nbsp; Supported: precondition, 100rel, timer, path, replaces<br>
&nbsp; &nbsp; Allow-Events: talk, hold, conference, refer<br>
&nbsp; &nbsp; Session-Expires: 1800;refresher=uac<br>
&nbsp; &nbsp; Content-Type: application/sdp<br>
&nbsp; &nbsp; Content-Disposition: session<br>
&nbsp; &nbsp; Content-Length: 180<br>
<br>
&nbsp; &nbsp; v=0<br>
&nbsp; &nbsp; o=- 1475853382 2 IN IP4 172.17.2.3<br>
&nbsp; &nbsp; s=-<br>
&nbsp;&gt;&gt;&nbsp; &nbsp;c=IN IP4 172.17.2.4<br>
&nbsp; &nbsp; b=AS:64<br>
&nbsp; &nbsp; t=0 0<br>
&nbsp; &nbsp; m=audio 3040 RTP/AVP 8 101<br>
&nbsp; &nbsp; a=rtpmap:8 PCMA/8000<br>
&nbsp; &nbsp; a=rtpmap:101 telephone-event/8000<br>
&nbsp; &nbsp; a=ptime:20<br>
<br>
<br>
And a good one - external to internal<br>
send 1162 bytes to udp/[10.23.154.65]:5060 at 12:34:15.132027:<br>
&nbsp; &nbsp; ------------------------------<wbr>------------------------------<wbr>------------<br>
&nbsp; &nbsp; INVITE <a href="mailto:sip%3A12550@10.23.154.65">sip:12550@10.23.154.65</a> SIP/2.0<br>
&nbsp; &nbsp; Via: SIP/2.0/UDP 10.23.154.100:6060;rport;<wbr>branch=z9hG4bKUXyFjDmg8rtmB<br>
&nbsp; &nbsp; Max-Forwards: 69<br>
&nbsp; &nbsp; From: "Абонент"<br>
&lt;<a href="sip:$(caller_id_number)@">sip:$(caller_id_number)@</a><a href="http://10.23.154.100/" rel="noreferrer" target="_blank">10.<wbr>23.154.100</a>&gt;;tag=1agg8aZ7FUUBK<br>
&nbsp; &nbsp; To: &lt;<a href="mailto:sip%3A12550@10.23.154.65">sip:12550@10.23.154.65</a>&gt;<br>
&nbsp; &nbsp; Call-ID: d8367628-0fc1-4325-998f-<wbr>3f32f9d3a05b<br>
&nbsp; &nbsp; CSeq: 97580363 INVITE<br>
&nbsp; &nbsp; Contact: &lt;<a href="mailto:sip%3Agw%2Bcucm-65@10.23.154.100">sip:gw+cucm-65@10.23.154.100</a>:<wbr>6060;transport=udp;gw=cucm-65&gt;<br>
&nbsp; &nbsp; User-Agent:<br>
FreeSWITCH-mod_sofia/1.7.0+<wbr>git~20160707T165535Z~<wbr>be13536ac9~64bit<br>
&nbsp; &nbsp; Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,<br>
PRACK, NOTIFY<br>
&nbsp; &nbsp; Supported: precondition, 100rel, timer, path, replaces<br>
&nbsp; &nbsp; Allow-Events: talk, hold, conference, refer<br>
&nbsp; &nbsp; Content-Type: application/sdp<br>
&nbsp; &nbsp; Content-Disposition: session<br>
&nbsp; &nbsp; Content-Length: 268<br>
&nbsp; &nbsp; X-FS-Support: update_display,send_info<br>
&nbsp; &nbsp; Remote-Party-ID: "Абонент"<br>
&lt;<a href="sip:$(caller_id_number)@">sip:$(caller_id_number)@</a><a href="http://10.23.154.100/" rel="noreferrer" target="_blank">10.<wbr>23.154.100</a>&gt;;party=calling;<wbr>screen=yes;privacy=off<br>
<br>
&nbsp; &nbsp; v=0<br>
&nbsp; &nbsp; o=FreeSWITCH 1475804423 1475804424 IN IP4 10.23.154.100<br>
&nbsp; &nbsp; s=FreeSWITCH<br>
&nbsp;&gt;&gt;&nbsp; &nbsp;c=IN IP4 10.23.154.100<br>
&nbsp; &nbsp; t=0 0<br>
&nbsp; &nbsp; m=audio 28432 RTP/AVP 8 18 101 13<br>
&nbsp; &nbsp; a=rtpmap:8 PCMA/8000<br>
&nbsp; &nbsp; a=rtpmap:18 G729/8000<br>
&nbsp; &nbsp; a=rtpmap:101 telephone-event/8000<br>
&nbsp; &nbsp; a=fmtp:101 0-16<br>
&nbsp; &nbsp; a=rtpmap:13 CN/8000<br>
&nbsp; &nbsp; a=ptime:20<br>
<br>
--<br>
Serge S. Yuriev<br>
Senior VoIP engineer<br>
<br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank">http://www.freeswitch.org</a></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p></div></div>
</div>
</blockquote></div><br><div>
<div>--&nbsp;</div><div>Serge S. Yuriev</div><div><br></div><br class="Apple-interchange-newline">

</div>
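<div>A check for the symptom described in this thread, as an added example that is not part of the original messages: it reads a SIP trace and reports SDP o=/c= addresses that fall outside the network of the peer the message is sent to. The sample traces are trimmed copies of the two quoted in the thread; the function name check_sdp and passing the internal subnet as a parameter are assumptions of the example.</div>

```python
import ipaddress
import re

# Constructed sample input: the two traces quoted in the thread, trimmed to
# the "send ... to udp/[peer]" line and the SDP lines that carry addresses.
BAD = """send 960 bytes to udp/[10.23.154.63]:6060 at 18:16:22.226984:
SIP/2.0 200 OK
Content-Type: application/sdp

v=0
o=- 1475853382 2 IN IP4 172.17.2.3
s=-
c=IN IP4 172.17.2.4
m=audio 3040 RTP/AVP 8 101
"""
GOOD = """send 1162 bytes to udp/[10.23.154.65]:5060 at 12:34:15.132027:
INVITE sip:12550@10.23.154.65 SIP/2.0
Content-Type: application/sdp

v=0
o=FreeSWITCH 1475804423 1475804424 IN IP4 10.23.154.100
s=FreeSWITCH
c=IN IP4 10.23.154.100
m=audio 28432 RTP/AVP 8 18 101 13
"""

PEER_RE = re.compile(r"^send \d+ bytes to \w+/\[([^\]]+)\]:\d+", re.M)
ADDR_RE = re.compile(r"^([oc])=.*\bIN IP4 (\S+)\s*$", re.M)

def check_sdp(trace, peer_net):
    """Return (peer, findings): SDP o=/c= addresses outside the peer's network."""
    net = ipaddress.ip_network(peer_net)
    m = PEER_RE.search(trace)
    if m is None:
        raise ValueError("no 'send ... to' line in trace")
    peer = ipaddress.ip_address(m.group(1))
    findings = []
    if peer in net:  # only judge messages sent to a peer on that network
        for kind, addr in ADDR_RE.findall(trace):
            host = addr.split("/")[0]  # drop a multicast TTL suffix if present
            if ipaddress.ip_address(host) not in net:
                findings.append((kind, addr))
    return str(peer), findings

if __name__ == "__main__":
    for name, trace in (("int to ext, 200 OK", BAD), ("ext to int, INVITE", GOOD)):
        print(name, check_sdp(trace, "10.23.154.0/24"))
```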
<br></body></html>